7219 matches found
LimeSurvey < 1.82 Information Disclosure Vulnerability
LimeSurvey is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Coppermine Photo Gallery GLOBALS[USER][lang] Parameter Local File Inclusion
The version of Coppermine Photo Gallery installed on the remote host fails to filter user-supplied input to the 'GLOBALS[USER][lang]' parameter of the 'index.php' script before using it to include PHP code in 'includes/init.inc.php'. Provided PHP's 'register_globals' setting is enabled, an...
mb_ereg(i)_replace() code injection vulnerability, and extending the regular application of security-vulnerability warning-the black bar safety net
Source: http://www.80vul.com/pch/pch-003.txt mb_ereg(i)_replace() code injection vulnerability, and extends out of the regular application security author: ryatwolvez.org team: http://www.80vul.com date: 2009-04-30 A description of the classification mb_ereg_replace() is the support of multibyte regular...
Code injection
Static code injection vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to inject arbitrary PHP code into phpre_config.php via the form_aula parameter...
CVE-2009-1779
PHP remote file inclusion vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the form_include_template parameter...
Coppermine Photo Gallery 1.4.22 - SQL Injection
Coppermine Photo Gallery 1.4.22 - SQL Injection !/usr/bin/perl Coppermine Photo Gallery '; banner; $lwp-defaultheader'Accept-Language: en-us,en;q=0.5'; my $html = injrequest' WHERE x'; Wrong query to obtain an error ifnot defined $html print "- Request mistake. Exploit terminated!\n"; exit ;...
CVE-2009-1677
Multiple static code injection vulnerabilities in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allow (1) remote authenticated users to inject arbitrary PHP code into files by placing PHP sequences into the account's "display name" setting and then invoking...
Code injection
Multiple static code injection vulnerabilities in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allow (1) remote authenticated users to inject arbitrary PHP code into files by placing PHP sequences into the account's "display name" setting and then invoking...
Rama CMS <= 0.9.8 (download.php file) File Disclosure Vulnerability
No description provided by source. Start info: Script Name: Rama Zaitan Cms Script Project: http://sourceforge.net/project/showfiles.php?groupid=212495&packageid=255590 Download: http://sourceforge.net/project/downloading.php?groupid=212495&filename=cms975.zip&a=5782381 0.9.5 = Versions =0.9.8 ...
Rama CMS 0.9.8 File Disclosure
Start info: Script Name: Rama Zaitan Cms Script Project: http://sourceforge.net/project/showfiles.php?groupid=212495&packageid=255590 Download: http://sourceforge.net/project/downloading.php?groupid=212495&filename=cms975.zip&a=5782381 0.9.5 Vul header'Content-Disposition: attachment;...
Rama CMS <= 0.9.8 (download.php file) File Disclosure Vulnerability
Exploit for unknown platform in category web applications. Rama CMS Vul header'Content-Disposition: attachment; filename='.$file; switch $GET'type' case 'Doc': header 'Content-type: application/msword'; break; case 'Excel': header...
Harland Scripts Command Execution
Rama CMS 0.9.8 - download.php File Disclosure
Rama CMS 0.9.8 - download.php File Disclosure Start info: Script Name: Rama Zaitan Cms Script Project: http://sourceforge.net/project/showfiles.php?groupid=212495&packageid=255590 Download: http://sourceforge.net/project/downloading.php?groupid=212495&filename=cms975.zip&a=5782381 0.9.5 Vul...
Rama CMS 0.9.8 - 'download.php' File Disclosure
Start info: Script Name: Rama Zaitan Cms Script Project: http://sourceforge.net/project/showfiles.php?groupid=212495&packageid=255590 Download: http://sourceforge.net/project/downloading.php?groupid=212495&filename=cms975.zip&a=5782381 0.9.5 Vul header'Content-Disposition: attachment;...
Remote file inclusion
PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0a4.1 allows remote attackers to execute arbitrary PHP code via a URL in the xml_dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the lib_dir...
CVE-2008-6807
PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0a4.1 allows remote attackers to execute arbitrary PHP code via a URL in the xml_dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the lib_dir...
Bitweaver <= 2.6 saveFeed() Remote Code Execution Exploit
Exploit for unknown platform in category web applications. Bitweaver saveFeed $rssversionname, $cacheFile ; ... it calls saveFeed function in an insecure way, arguments are built on $REQUESTversion var and may contain directory traversal...
CVE-2009-1512
Static code injection vulnerability in X-Forum 0.6.2 allows remote authenticated administrators to inject arbitrary PHP code into Config.php via the adminEMail parameter to SaveConfig.php...
Golabi CMS 1.0.1 - Session Poisoning
wWw.CrazyAngel.iR - info-AT-CrazyAngel.iR...